Home alone and phishing schemes
April 8, 2020
With the restrictions brought on by COVID-19, many of us are spending a lot more time at home. I’m continuing to work, but I’m finding I have more free time these days. I spent Sunday alone at home and thoroughly enjoyed it.
With church services canceled, I was able to sleep late. Once I woke up, I watched my minister’s Sunday morning message on Facebook while drinking my morning coffee.
My coffeemaker, a Keurig that uses pods, picked that morning to give me only half a cup of coffee. That meant it was getting plugged up with mineral scaling from the water. I’ve used vinegar before to remove the scaling, but the taste it leaves behind doesn’t improve my coffee.
This time, I had an approved cleaning kit on hand. The extensive instructions turned out to be different language versions of the same two paragraphs. Basically, it told the correct ratio of water to descaling solution. Then I needed to check my coffeemaker guide on how to proceed.
A search through various equipment booklets and guides finally proved successful. I followed the instructions, which including waiting 30 minutes for the solution to soak with the machine turned on. After that, I was to use clean water and run 12 cycles of cups of hot water through the machine. My machine has a water reservoir which I had to fill several times. Cleaning the coffee machine took about an hour out of my day.
Even when I’m spending the day at home, I have a rule that I must shower, dress and dry my hair before I can eat lunch. With the delay for the coffeemaker cleaning, I didn’t eat lunch until 1:30 p.m.
After that, I spent some time walking on my treadmill for exercise.
Last week, President Trump recommended the wearing of fabric masks in public, although he said he wouldn’t wear one himself. I found a couple of patterns on the internet and decided that might be a good Sunday project.
I have a very fine but old sewing machine that I haven’t touched it in about ten years. It’s installed in a desk-like cabinet. On top of that cabinet was a television set, the old style cathode ray type. I had to crawl on the floor to get it unplugged. Then I tried lifting it. I could manage the weight, but the thing was so bulky it was hard to handle. I ended up putting it on the floor.
I got the sewing machine set up, threaded and tested. There was fabric stored in the drawers along with sewing supplies. Eventually, I produced a mask with ties. I’d be lucky to get a “C” in home economics class for my technique, but I was glad to see I still knew how to sew. When I have some free time, I may give it another try.
I spent Sunday evening watching TV. Channel 9 carried the ACM program “Our Country.” It was supposed to be the night for ACM awards, but that’s been postponed to September. Instead, various country artists performed from their homes, generally accompanying themselves on guitar.
Then Garth Brooks and Trisha Yearwood appeared for an hour, taking requests and performing numerous songs accompanied by Brooks on his guitar. It’s fun seeing these singers in a casual mood and setting.
The novel coronavirus or COVID-19 pandemic fears have given cybercriminals another avenue for gaining your personal information and your money through phishing emails.
Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing or instant messaging, it often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site.
Recently the FBI, Secret Service and World Health Organization have all issued warnings. Some emails hint at availability of a vaccine while others claim to be from charitable organizations raising money for victims.
Monday afternoon, I received three emails offering me the opportunity to order masks from China. One was from “Layla”, one from “Betty” and one from “Chris” at eeccfactory. One addressed me as “Dear Boss marione.”
Making it easier for scammers, many legitimate coronavirus-emails are circulating right now. More employees are working from home, schools are updating parents and businesses are trying to ease customer concerns.
One of the early schemes detected appeared to be from the Centers for Disease Control (CDC) directing recipients to take forms or a website designed to steal log-in credentials. Access to a consumer email address may be enough to reset key passwords for banking and other financial accounts.
Rather than seeking credentials, some emails distribute malware. One version asks for help in finding a “cure” for coronavirus, urging people to download software onto their computers to assist in the effort. The download contains a virus capable of monitoring all activity on the device.
Other than the three mask offers Monday I haven’t received any COVID-19 themed scam emails. However, I’ve been receiving a couple of very persistent suspicious emails. One warns of possible fraudulent activity on my American Express account. This one is obvious because I don’t have such an account.
Another, supposedly from Microsoft, warns of unusual sign-in activity. It even gives the sign-in details. A quick tip-off is that the country/region is listed as Unted State (misspellings). If you just glance at it quickly, you might not notice. It also lists an IP address, platform (Windows 10) and browser: Mozilla Firefox.
How to Avoid Getting Scammed
Here are some additional tips from digital security experts:
• Think before you click. Eric Howes, principal lab researcher for KnowBe4, says the best thing consumers can do to protect themselves is just slow down. If something doesn’t seem right about an email, just delete it – ideally before you open it. You’re better off not taking the risk.
• Examine the link. Before you click on a link, try hovering your mouse over it. This will reveal the full address, which can expose signs of fraud. A “.ru” on the end, for example, means the site was created in Russia; “.br” means Brazil.
• Misspellings in URLs are another good tip-off to a fake website. If the URL says corronaviruss.com, it's best to avoid it. And if you get an email advertising a great deal on masks or hand sanitizer at a major retailer, open a window in your browser, search for the retailer’s web address, and compare it with the one in your email.
• Don’t assume that a website is legitimate just because its URL starts with “https.” Criminals like to use encryption, too.
• Don’t open attachments. They may contain malware. And you should never type confidential information into a form attached to an email. The sender can potentially track the info you enter.
• Guard your financial information. Be wary of emails asking for account numbers, credit card numbers, wire transfers, and failed transactions. There’s no reason to share such info via message or an unsecure site.
• Turn on auto updates. This goes for your computer, smartphone, and tablets. Up-to-date antivirus software goes a long way toward stopping malware.